Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34947

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.

Published

2024-05-07T23:15:07.653

Last Modified

2025-08-14T01:42:44.800

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	d7800_firmware	< 1.0.1.64	Yes
Hardware	netgear	d7800	-	No
Operating System	netgear	ex2700_firmware	< 1.0.1.66	Yes
Hardware	netgear	ex2700	-	No
Operating System	netgear	ex6100_firmware	< 1.0.1.106	Yes
Hardware	netgear	ex6100	v2	No
Operating System	netgear	ex6150_firmware	< 1.0.1.106	Yes
Hardware	netgear	ex6150	v2	No
Operating System	netgear	ex6200_firmware	< 1.0.1.86	Yes
Hardware	netgear	ex6200	v2	No
Operating System	netgear	ex6250_firmware	< 1.0.0.146	Yes
Hardware	netgear	ex6250	-	No
Operating System	netgear	ex6400_firmware	< 1.0.2.164	Yes
Hardware	netgear	ex6400	-	No
Operating System	netgear	ex6400v2_firmware	< 1.0.0.146	Yes
Hardware	netgear	ex6400v2	-	No
Operating System	netgear	ex6410_firmware	< 1.0.0.146	Yes
Hardware	netgear	ex6410	-	No
Operating System	netgear	ex6420_firmware	< 1.0.0.146	Yes
Hardware	netgear	ex6420	-	No
Operating System	netgear	ex6500v1_firmware	< 1.0.0.146	Yes
Hardware	netgear	ex6500v1	-	No
Operating System	netgear	ex7300_firmware	< 1.0.2.164	Yes
Hardware	netgear	ex7300	-	No
Operating System	netgear	ex7300v2_firmware	< 1.0.0.146	Yes
Hardware	netgear	ex7300v2	-	No
Operating System	netgear	ex7320_firmware	< 1.0.0.146	Yes
Hardware	netgear	ex7320	-	No
Operating System	netgear	ex7700_firmware	< 1.0.0.222	Yes
Hardware	netgear	ex7700	-	No
Operating System	netgear	ex8000_firmware	< 1.0.1.238	Yes
Hardware	netgear	ex8000	-	No
Operating System	netgear	lbr1020_firmware	< 2.6.5.32	Yes
Hardware	netgear	lbr1020	-	No
Operating System	netgear	lbr20_firmware	< 2.6.5.32	Yes
Hardware	netgear	lbr20	-	No
Operating System	netgear	r6700ax_firmware	< 1.0.5.108	Yes
Hardware	netgear	r6700ax	-	No
Operating System	netgear	r7800_firmware	< 1.0.2.84	Yes
Hardware	netgear	r7800	-	No
Operating System	netgear	r8900_firmware	< 1.0.5.36	Yes
Hardware	netgear	r8900	-	No
Operating System	netgear	r9000_firmware	< 1.0.5.36	Yes
Hardware	netgear	r9000	-	No
Operating System	netgear	rax10_firmware	< 1.0.5.108	Yes
Hardware	netgear	rax10	-	No
Operating System	netgear	rax120_firmware	< 1.2.2.24	Yes
Hardware	netgear	rax120	-	No
Operating System	netgear	rax120v2_firmware	< 1.2.2.24	Yes
Hardware	netgear	rax120v2	-	No
Operating System	netgear	rax70_firmware	< 1.0.5.108	Yes
Hardware	netgear	rax70	-	No
Operating System	netgear	rax78_firmware	< 1.0.5.108	Yes
Hardware	netgear	rax78	-	No
Operating System	netgear	rbr10_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbr10	-	No
Operating System	netgear	rbr20_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbr20	-	No
Operating System	netgear	rbr40_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbr40	-	No
Operating System	netgear	rbr50_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbr50	-	No
Operating System	netgear	rbs10_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbs10	-	No
Operating System	netgear	rbs20_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbs20	-	No
Operating System	netgear	rbs40_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbs40	-	No
Operating System	netgear	rbs50_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbs50	-	No
Operating System	netgear	rbs50y_firmware	< 2.7.4.12	Yes
Hardware	netgear	rbs50y	-	No
Operating System	netgear	wn3000rpv2_firmware	< 1.0.0.88	Yes
Hardware	netgear	wn3000rpv2	-	No
Operating System	netgear	wnr2000v5_firmware	< 1.0.0.78	Yes
Hardware	netgear	wnr2000v5	-	No
Operating System	netgear	xr450_firmware	< 2.3.2.130	Yes
Hardware	netgear	xr450	-	No
Operating System	netgear	xr500_firmware	< 2.3.2.130	Yes
Hardware	netgear	xr500	-	No
Operating System	netgear	xr700_firmware	< 1.0.1.44	Yes
Hardware	netgear	xr700	-	No

References

https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 Third Party Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ Third Party Advisory ([email protected])
https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)